Re: [proxies] [IETF Proxy] Next Steps

Stefan Winter <stefan.winter@restena.lu> Tue, 22 April 2008 06:09 UTC

To: Glen Zorn <gzorn@arubanetworks.com>

>> Certainly. Contractual bounds could be used. My personal
>> preference would be to have an encryption channel between home
>> and visited domain AAA servers (_not_ NASes) to eliminate the
>> problem of paperwork at all, but I admit that this is almost
>> impossible to do correct.
>
> Not sure why you say this: getting the keys set up might be politically
> or procedurally hard, but it seems technically straightforward.

I assume you are thinking of a manual key distribution between peers?
That is an option for a small scale deployment for sure. With 1000 admin
domains where every one may want to exchange secret information with
everyone else, there would need to be 1000^2 sets of keys in place. All
peers are not allowed to be in possession of any keys but those
concerning themselves. While it is technically possible (maybe), the
deployment and maintenance hurdles of such a key blob are prohibitive.

Or did you mean something completely different that we simply
overlooked? I'd be very eager to hear about it then!

Greetings,

Stefan Winter